Backfiring biometrics

I’ve written on a number of occasions about the fallibility of biometrics as a trusted means to find or identify an individual. Setting aside problems with the mathematics of biometrics and associated false accept / false reject issues, my biggest concern is the human factor: once the authorities have it into their heads that biometrics never lie, common sense and good judgement go out the window. This is particularly important where biometric evidence is used in a police investigation, since it becomes impossible for defendants to challenge either the accuracy of the original evidence, or of the procedures used to process it within the investigation. High-profile false convictions become inevitable, and it would only take a few such cases to completely undermine the evidential value of biometrics even in apparently ‘open and shut’ cases.

Perhaps the most important example of this in the UK is that of Shirley McKie, a police officer whose fingerprint was allegedly discovered at the scene of a murder in 1997. Despite the absence of motive or any other evidence, she was brought to trial and eventually cleared of perjury when she defended her innocence of involvement in the crime. Four supposed experts asserted that the print had to be hers, and in the wake of her trial three accepted redundancy and one was sacked. Mrs McKie, having left the police service, was subsequently awarded £750,000 in compensation, and one of the experts was eventually reinstated having successfully challenged her dismissal at an employment tribunal. HM Chief Inspector of Constabulary demanded an overhaul of procedures, and a public inquiry is now under way.

Aside from the ridiculous waste of public funds in pursuing a patently unsafe conviction, the most disturbing aspect of the case is the way in which police and justice authorities closed ranks to protect their own staff and their unswerving faith in biometric evidence. The Scottish Information Commissioner Kevin Dunion has ordered that 131 previously unreleased documents about the case be provided to Mrs McKie. Whilst only a fraction of the 630 documents yet to be disclosed (and likely to remain secret because of other legal exemptions), this demonstrates just how hard it is for an individual to fight a case once there is a claim of infallible biometric evidence against them.

I very much hope that Mrs McKie is successful in exposing every flaw that lead to this ridiculous situation, and that authorities across the UK – not just in Scotland – take heed of the lessons learned and modify their attitudes towards biometric evidence accordingly.

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

If not a biometric tool, what device or approach would you propose as a more reliable and secure method for positive identification of individuals? In your article, you use a wide brush to denigrate biometric identification technologies without regard for applications other than forensics that '...throws the baby out with the bathwater....' Certainly, there is a difference between the application of certain biometrics for forensic purposes vis-a-vis access control purposes. "...biometrics never lie, ..." Nonsense. All biometric-based systems have a margin of error; to err, however, is not the same as a lie. The issue is whether the error rate for biometrics is any worse than the error rate for any other identification tool. Dan Nickell Principal Croftware, LLC Vienna, VA
Dan, I'm a big fan of biometrics - what I object to is inappropriate usage of them and the way that authorities have so often closed ranks around systems and processes that have ignored fundamental flaws. We've seen police amassing huge amounts of DNA unnecessarily and illegally; schools collecting fingerprint images when only a template would be necessary (and the proportionality of biometric technology at all remains questionable); individuals harassed, extradited, arrested and jailed over a single forensic item where all evidence points to there having been another rational explanation for the evidence. If we allow governments to misrepresent the accuracy of biometric systems and then refuse to acknowledge the fallibility of the associated processes, then our entire trust in the technologies for ID or evidential purposes will collapse and we've lost them altogether.
We really have to get a grip on separating the criminal/forensic uses of biometrics from the commercial activity. This is mainly a risk for fingerprint biometrics, and DNA is something of a red herring in this sense as its use is still limited to medical and forensic applications (I'd concede there could be serious consequences if DNA testing were ever to be permitted for example in assessing insurance risk). Structures must be developed so that the possibility of creep between systems intended for commercial or general public service use, and those for criminal usage, is extremely low (one can never rule out negligence or deliberate criminal acts, but the consequences can be mitigated). Technology tools exist to do this, but the systemic structures have not been thought through, reduced to everyday pieces of logical reasoning and process, and then aired in a reasonably "public" debate. Biometrics are a tool like any other that is used by humans - therefore fallible in a variety of ways. But there is a broad set of applications, mainly related to the concept of "entitlement" rather than "identification", where proportionate use of automated biometrics technology can be very valuable. Martin George, Smart Sensors Ltd, UK
Couldn't have put it better myself Martin...
One point on this case that seems to be constantly overlooked in this case is the fact that Miss Mckie's own qualified expert witness, (Swan) attributed the mark to her. The second expert(?) who's qualifications were those that "god had given him" said it was not hers.
"We really have to get a grip on separating the criminal/forensic uses of biometrics from the commercial activity." Martin is absolutely right, and I would add that the commercial use of biometrics will be more about convenience than security.
Of course you have completely overlooked the possibility that Ms McKie DID leave her mark at the house and that the the SCRO FP examiners (and several others) were correct in their findings!
Toby raises issues that do need to be discussed and understood by the non-technical security and legal communities, and of course the forensic vs. commercial reliance issue needs to be properly evaluated. However I suggest the big difference, from expensive practical experience, is that biometrics currently works well within a closed community, when the user is registered and other confirming factors are used in conjunction with the relevant biometric, but it falls apart when it is relied upon in the 'open world': Simply using a single biometric identifier on e.g. an open mall ATM is going to fail as the false acceptance vs. false rejection ratios cannot yet cope with the millions of potential users (even if they also have a credit/debit card as well). Yes - it will work sometimes, but the best current systems still fail too often to be relied on for commercial use.
I'm assuming that the rest of the legal process was correct - this sounds more like another "Phantom of Heilbronn"...
Couldn't agree more - and good to hear from you after all this time!
I could not agree more and would go further. The whole question of expert evidence in our courts requires immediate assessment. Case after case has shown the frailty of 'experts' not only in my daughter's case but also those of innocent victims like Sally Clarke. As the years pass I am made aware of more and more errors by experts, the latest being faulty toxicology reports. The days of expert infallibility are well and truly gone. It is time the system woke up to the fact.